Porn Spam using Slashdot.org name
[TEXT OF MAIL FOLLOWS]
"X-Received: from pony-1.mail.digex.net (pony-1.mail.digex.net [204.91.241.5]) by groucho.med.jhmi.edu (980427.SGI.8.8.8/970903.SGI.AUTOCF) via ESMTP id AAA56584 for ; Thu, 17 Jun 1999 00:14:26 -0400 (EDT)
X-Received: from zamboni.mail.digex.net (zamboni.mail.digex.net [204.91.99.98])
by pony-1.mail.digex.net (8.9.3/8.9.3) with ESMTP id AAA14165
for ; Thu, 17 Jun 1999 00:11:07 -0400 (EDT)
X-Received: from mx.icp.rssi.ru (mx.icp.rssi.ru [194.85.223.7])
by zamboni.mail.digex.net (8.9.3/8.9.3) with ESMTP id AAA01690
for ; Thu, 17 Jun 1999 00:11:06 -0400 (EDT)
X-Received: from mx.intra.ru ([194.135.182.7]) by mx.icp.rssi.ru
(post.office MTA v1.9.3b **** trial license expired ****)
with ESMTP id AAA224 for ;
Thu, 17 Jun 1999 08:08:50 +0400
X-Received: from ras5.icp.rssi.ru by mx.intra.ru with SMTP (Microsoft Exchange Internet Mail Service Version 5.0.1458.49)
id MQ9VDG1N; Thu, 17 Jun 1999 08:08:00 +0400
From: "slashdot.org"
To:
Date: Thu, 17 Jun 1999 08:07:52 +0300
Subject: Dear Member of slashdot.org (eisen@access.digex.net)
Reply-To: support@slashdot.org
Organization: slashdot.org
Content-Type: multipart/mixed; boundary=XX0BFF0BCE-00350BFFXX
X-Priority: 3
ReSent-From: Halmonster
ReSent-To:
This is a Multipart MIME message. Since your mail reader does not understand this format, some or all of this message may not be legible.
--XX0BFF0BCE-00350BFFXX
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Hello dear member!
Slashdot.org offer you new service of overclocking your operation system (w=
in95/98/NT/linux/mac=20
and more)
For more information please visit http://join.at/freepc
CT: DO NOT CLICK THIS LINK! IT'S A PAGE OF DAMN BANNER ADS! THIS IS A SCAM!
We always think about You
------------------------------------------
This message was sent to you by
Name: slashdot.org
Email Address: support@slashdot.org
IP Address: ras5.icp.rssi.ru
------------------------------------------
Using Aureate Group Mail Free Edition
Find out more about this product and try it=20
for free at: link
--XX0BFF0BCE-00350BFFXX--
"
After looking at the site in question, a slashdot effect would not help any, as the person who sent the spam is trying to get people to click on the links. For every link that you (everyone in general) click, he gets a small amount of cash through "click through" type services. There is no easy way to deal with these types of idiots. Unless the owners of /. are willing to sue, the idiot can go on using the slashdot.org domain forgeries in the headers (at least until certain laws become official, however long that will take).
I came, I conquered, I coredumped
If you don't email him, be sure to give him the gift of the infinite ping...
Looking at the headers in the spam I got, I returned it pretty hard to the guy. From the headers, it looked like the guy used some kind of point and drool warez program.
Why people spam is beyond me. What would motivate someone to do something so senseless? It costs them money and does not gain worthwhile friends. Is it the same motivation that drives serial killers?
Received: from mx.icp.rssi.ru (mx.icp.rssi.ru [194.85.223.7])
by Edison.EBICom.Net (8.9.1a/8.9.1) with ESMTP id XAA14816
for ; Wed, 16 Jun 1999 23:11:04 -0500
Message-Id:
Received: from mx.intra.ru ([194.135.182.7]) by mx.icp.rssi.ru
(post.office MTA v1.9.3b **** trial license expired ****)
with ESMTP id AAA207 for ;
Thu, 17 Jun 1999 08:08:46 +0400
Received: from ras5.icp.rssi.ru by mx.intra.ru with SMTP (Microsoft Exchange
Internet Mail Service Version 5.0.1458.49)
id MQ9VDG1J; Thu, 17 Jun 1999 08:07:56 +0400
The spammer got my old email address that I haven't used for several months since I got my static IP. He must have compiled the list of addresses long ago. What pisses me off is that the guy looks bent on trying to destroy slashdot getting people riled up and emailing abuse@slashdot. Would it be reasonable to assume this guy is pulling a DOS attack?
The list originated from the distributed.net memberlist of slashdot. It became very obvious to me when I noticed they had used an email I only use to send/receive rc-5 blocks. Maybe the list should be protected by the team owner of /.
I know it can be done, because EvangeLista did this already.
For people who like peace and quiet - a phoneless cord.
I think this is a little overrated. I've been posting my email to the usenet and Slashdot for some time now and I still get little (almost no) spam. The only account I have even been heavily spammed on is my old AOL account, but their system is set up to delight spammers by always keeping a list of all of their members available to the public. Besides, if you never give your email address out what use is it?
I read the internet for the articles.
My email account is not obfuscated, but it is a tripwire for spam. I haven't received a thing from this spammer. My account has been active for a few months now.
Methinks this is just a prank to dig at the slashdot community. Let's not let that happen. Just ignore them and eventually they will go away, or get a little maturity.
the AntiCypher
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Doesn't seem like that great of an argument, I guess. If your ISP sucks, why not find a decent ISP who uses a good MTA? Seems that allowing an individual to connect directly to your mail host is quite an open door to abuse... I know, it sucks... bah, I don't know. I'm just sick of spam.
p.s. I have no idea why this gets posted with a score of 2....
Why didn't you get any? Looking at your address, you are using newsguy, the same guys that provide the anti spam service spamhippo. They also do a good job cleaning usenet news of spam crap. I have a newsguy account and it seems well protected against spam. I'm waiting for a day to get spam at that account so I can watch the spammer get crushed like a bug.
OK then...the headers say it came from ras5.icp.rssi.ru. According to www.rssi.ru, that is the remote access service of the Institute of Chemistry and Physics in Moscow. RSSI is the Russian Space Science Internet, a non-profit ISP for the scientific community in Russia.
I looked for an account administrator to send this to, and I found marina@rssi.edu.
Please do not slam this woman's mailbox. Send a well-constructed, concerned letter. The spam is not her fault, but it may be her responsibility to deal with it.
Mike
--
Mike
--
"Wi nøt trei a høliday in Sweden this yër?"
No, we don't need no stinking laws. The internet can heal itself without involving the slow creaky wheels of justice. If they keep it up, the pipe dumping raw noise into the internet will be simply cut off and blackballed. Things like that happen if you have a mail relay and allow abuse.
Here are a few great antispam links:
http://maps.vix.com/
http://www.orbs.org/
http://spam.abuse.net/
There are SO MANY good tools out there for sysadmins to block spam, if they'd just use them.
maps.vix.com has both the MAPS, a list of known offenders, and the DUL, a list of dial-up users from which direct mail should never be accepted. (Dial-up users should always go through their ISP's mail host...) www.orbs.org contains a list of insecure mail hosts which are often trespassed by spammers.
Blocking with these three lists would go a LONG ways towards reducing spam. If sysadmins would just use them... It's much harder to do as a user, unfortunately.
www.orbs.org is a clearinghouse of info for open relays. Very good site.
The spammer used an old address I thought I retired. Now that you mentioned it, it was my distributed.net address. I was just busting keys with that address, now I have to bust the skull of some dumbass knucklehead spammer so he can't father children in the future.
www.join.at points to www.rename.net, and they have a good anti-spam policy. I can't find a contact address, but there is a feedback form. Get this guy's link shut down. But BE NICE dammit, it's not rename.net's fault.
Yikes! That is the sign of a true geek. Gets out of the shower and checks Slashdot before getting dressed :-)
As far as we can tell, the spammer did harvest the email addresses from our stats database. They seem to have targeted both the /. team as well as the OS/2 Warp team.
As mentioned in our official announcement below, we're going to try to make it as hard as possible for spammers to grab email addresses, but it's impossible to protect emails that are listed 'out in the open'. If you're concerned about spam, PLEASE edit your info so that you are not listed by your email address.
Again, we apologize to those of you who were targeted by this spammer. It's very disappointing that someone would use the services of a non-profit organization, whose goal is to make the computing world a better place, to send spam.
Here's our official announcement:
Yesterday, a spammer 'harvested' email addresses from our stats database and sent out spam with spoofed email headers, making it appear that the spam came from slashdot.org or team warped. It appears that the spammer took email addresses out of the team member listing for the Slashdot team, the OS/2 Warp team, and perhaps other teams.
We are looking into ways we can make it harder for spammers to harvest email addresses from the stats database. Given the determination of some spammers, it will be difficult for us to completely protect email addresses without taking the stats off-line completely. Currently, our best line of defense is to allow participants to be listed by something other than their email address. If anyone has other suggestions, feel free to send them to our mailing list, rc5@lists.distributed.net.
If you are worried about your address being harvested, we strongly suggest that you edit your participant info and change how you are listed. In addition to being listed by your address, you can also be listed at 'Participant 123456' or by your name, which you can specify on the same page.
To edit your information, you need your password. If you don't have it, take a look at your personal stats listing at http://stats.distributed.net and click the link at the bottom of your listing that says 'I cannot remember my password. Please email...'
Once you have your password, go to http://stats.distributed.net/pedit.php3 You will be asked for a user name and a password. Your user name is your email address, and your password is the password that was mailed to you.
We hope that our users already assume this, but to clarify, distributed.net will never, ever sell or otherwise distribute your email addresses. The only method for people to retrieve email addresses is via the stats database. We do not support spam, and we're very sorry that someone would use our services to spam people.
Jim Nasby
distributed.net Human Interface
Not necessarily. I'm guessing they just used a random spam distro list. I should think that some people who don't even know what Slashdot is got this spam and are now rather confused. If they used a Slashdot mail list, surely everyone who reads Slashdot would have got the mail? I'm betting that only a small proportion of Slashdot regulars got spammed.
The loonies have left the gate, I'm sure. And this right after we read the Andover News bit about rabid slashdotters. *sigh*
Check out this link for a posting history with this address... note, however, that even this is not proof that "alexgurry@intra.ru" is the originator. Sure does look like it, though.
Unfortunately, this doesn't solve the problem... it just deletes it when it hits your inbox. It certainly does remove the major annoyance, but the problem is still there, clogging mail servers and using up bandwidth. And costing you money. I go back and forth - I let stuff come through for a while, put some notches in my spam-hunter belt, and then filter again when I can't stand it anymore. :-)
You've got a less than tiny chance that the idiots will blow off the court date (you would be surprised how many people do) and the court will almost certainly find in your favor as a result. You could win a lien against their bank account(s) or even physical assets.
At least that is how it works here in Wisconsin. YMMV. Of course if the SPAM originates from outside of the US, this won't work.
Thad
The Bolachek Journals
Somebody post the link. I ordinarily just submit spam to spamcop and hope that takes care of it, it'd be kind of cool if they got too much of a good thing, maybe for a few days running.
Ah, but "doing something about it" might mean "use the Received: headers to trace the message, and complain to the ISP". Hackers/geeks/nerds are technically savvy enough to know how to do this. "Average users" may not be. Hence, hackers (in the Slashdot sense of the word) are a bad choice of people to spam.
mx.icp.rssi.ru is an OPEN RELAY used by spammers to hide their tracks. Complain to postmaster@rssi.ru about it and send this spam to them, with full headers.
The spammer is hosted via intra.ru. Send mail to abuse@intra.ru and postmaster@intra.ru with the full headers and spam and say "You have a spammer on your system which is compromising security and profits. Please remove."
Also, visit The Radparker Relay Spam Stopper to block the relay on subscribed systems.
---
Spammed? Click here for free slack on how to fight it!
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
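
The Received: tracing that several comments above describe, applied to the three header lines one commenter posted; this is an added example, not part of the original thread. The `domain` helper's two-label rule and the wording of the flags are assumptions of this sketch, and only the topmost Received: line, written by your own mail server, can be trusted outright.

```python
import re
from datetime import timezone
from email.utils import parsedate_to_datetime

# Received: lines from the thread, newest first; continuations re-indented to unfold.
RAW = """\
Received: from mx.icp.rssi.ru (mx.icp.rssi.ru [194.85.223.7])
 by Edison.EBICom.Net (8.9.1a/8.9.1) with ESMTP id XAA14816
 for ; Wed, 16 Jun 1999 23:11:04 -0500
Received: from mx.intra.ru ([194.135.182.7]) by mx.icp.rssi.ru
 (post.office MTA v1.9.3b **** trial license expired ****)
 with ESMTP id AAA207 for ;
 Thu, 17 Jun 1999 08:08:46 +0400
Received: from ras5.icp.rssi.ru by mx.intra.ru with SMTP (Microsoft Exchange
 Internet Mail Service Version 5.0.1458.49)
 id MQ9VDG1J; Thu, 17 Jun 1999 08:07:56 +0400
"""
HOP = re.compile(r"from\s+(?P<helo>\S+)"
                 r"(?:\s+\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[\d.]+)\]\))?"
                 r"\s+by\s+(?P<by>\S+)")

def domain(host):  # naive organisational domain: last two labels (assumption)
    return ".".join(host.lower().split(".")[-2:])

def parse_chain(raw):  # hops oldest-first: helo, rdns, ip, by, when (UTC)
    hops = []
    for hdr in re.sub(r"\n[ \t]+", " ", raw).splitlines():  # unfold headers
        m = HOP.search(hdr)
        if not hdr.startswith("Received:") or not m:
            continue
        when = parsedate_to_datetime(hdr.rsplit(";", 1)[1].strip())
        hops.append({**m.groupdict(), "when": when.astimezone(timezone.utc)})
    return hops[::-1]

def review(hops):  # per hop: (client, server, what the server did not verify)
    notes = []
    for i, h in enumerate(hops):
        flags = []
        if h["ip"] is None:
            flags.append("client IP not logged: name is unverified")
        elif h["rdns"] is None:
            flags.append("no reverse DNS recorded for client IP")
        nxt = hops[i + 1]["by"] if i + 1 < len(hops) else None
        if nxt and domain(h["by"]) not in (domain(h["helo"]), domain(nxt)):
            flags.append("relayed between two foreign domains")
        notes.append((h["helo"], h["by"], flags))
    return notes

for helo, by, flags in review(parse_chain(RAW)):
    print(f"{helo} -> {by}: {'; '.join(flags) or 'ok'}")
```

A "relayed between two foreign domains" flag marks a server as a relay candidate only; a legitimate forwarding arrangement leaves the same pattern in the headers, so a complaint should quote the full headers rather than assert the conclusion.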